Acme

**Name of the Vulnerable Software and Affected Versions** Devs Palace ERP Online versions prior to 4.0.0 **Description** A cross-site scripting issue exists in the '/inventory/add new customer' file. This flaw allows a remote attacker to initiate an attack via manipulation of the affected file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Devs Palace ERP Online versions prior to 4.0.0 **Description** A remote cross-site scripting issue exists in the file '/accounts/chart-save'. This allows an attacker to execute malicious scripts in the victim's browser. **Recommendations** As a temporary workaround, restrict access to the '/accounts/chart-save' file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Devs Palace ERP Online versions prior to 4.0.0 **Description** A cross-site scripting issue exists in the `/accounts/mr-save` file. This flaw allows a remote attacker to execute malicious scripts through the manipulation of unknown code within that file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Devs Palace ERP Online versions prior to 4.0.0 **Description** A cross-site scripting issue exists in the file '/inventory/customer-save'. This flaw allows a remote attacker to execute malicious scripts through the manipulation of an unspecified function within that file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Devs Palace ERP Online versions prior to 4.0.0 **Description** A weakness in an unknown function within the '/inventory/purchase return save' file allows for remote cross-site scripting (XSS), a technique where malicious scripts are injected into trusted websites. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the '/inventory/purchase return save' file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Devs Palace ERP Online versions prior to 4.0.0 **Description** A cross-site scripting issue exists in the `/inventory/supplier-save` file. This flaw allows remote exploitation through the manipulation of an unknown function within that file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Devs Palace ERP Online versions prior to 4.0.0 **Description** A flaw in the file '/inventory/item-save' allows for remote cross-site scripting (XSS), a technique where malicious scripts are injected into trusted websites. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Devs Palace ERP Online versions prior to 4.0.0 **Description** A cross-site scripting issue exists in the '/inventory/purchase save' file. This flaw allows a remote attacker to execute malicious scripts by manipulating an unknown functionality within that file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Devs Palace ERP Online versions prior to 4.0.0 **Description** A cross-site scripting issue exists in the '/inventory/sales save' file. This flaw allows a remote attacker to execute malicious scripts via the manipulation of unknown functionality within that file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WebSystems WebTOTUM 2026 **Description** A flaw in the Calendar component allows for remote cross site scripting, which occurs when a malicious script is injected into a trusted website and executed in the victim's browser. **Recommendations** Upgrade the Calendar component to the fixed version.

**Name of the Vulnerable Software and Affected Versions** ERP Online versions prior to 4.0.0 **Description** A cross site scripting flaw exists in the Inventory Edit Item Page component. Remote attackers can exploit this by manipulating the `Item Name` argument. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** European Chemicals Agency IUCLID version 7.10.3 **Description** A critical vulnerability was found in the European Chemicals Agency IUCLID, affecting an unknown function of the file iuclid6.exe of the component Desktop Installer. The manipulation leads to incorrect default permissions. The attack needs to be approached locally. **Recommendations** For version 7.10.3, as a temporary workaround, consider restricting access to the `iuclid6.exe` file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AtroCore AtroPIM version 1.8.4 **Description** A vulnerability was found in AtroCore AtroPIM, affecting an unknown part of the file /#ProductSerie/view/ of the component Product Series Overview. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For AtroCore AtroPIM version 1.8.4, as a temporary workaround, consider restricting access to the `/#ProductSerie/view/` endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.